Protecting against DNS and other attacks

Microsoft Forefront Threat Management Gateway provides the DNS Filter, which intercepts and analyzes all inbound DNS traffic destined for the Internal network and other protected networks. If the detection of DNS attacks is enabled, you can specify that the DNS Filter will check for specific types of suspicious activity. For more information about the detection of DNS attacks, see Overview of intrusion detection.

On the DNS Attacks tab, select Enable detection and filtering of DNS attacks.

Select one or more of the following types of suspicious activity:

DNS host name overflow. Select this option if Forefront TMG should check for DNS host name overflow attempts. The DNS Filter intercepts and analyzes DNS traffic destined for the Internal network. DNS host name overflow occurs when a DNS response for a host name exceeds a certain fixed length (255 bytes).
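As an added illustration of the host name overflow check described above (this is not Forefront TMG's own code), the Python below walks every owner name in a raw DNS response, expanding compression pointers, and flags any name longer than the 255-byte limit. The function names and the sample packets are constructed for this example, and the limit is assumed to apply to the name's wire-format length.

```python
import struct

MAX_NAME = 255  # host name limit quoted above, in bytes (assumed to mean wire length)

class NameTooLong(ValueError):
    pass

def skip_name(msg, off):
    """Walk one (possibly compressed) name; return the offset just past it."""
    total, after, hops = 0, None, 0
    while True:
        n = msg[off]                       # IndexError if the message is truncated
        if n & 0xC0 == 0xC0:               # 2-byte compression pointer
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 128:
                raise ValueError("compression pointer loop")
            continue
        if n > 63:
            raise ValueError("invalid label length")
        total += 1 + n                     # length octet plus label bytes
        if total > MAX_NAME:
            raise NameTooLong(total)
        off += 1 + n
        if n == 0:                         # root label terminates the name
            return off if after is None else after

def inspect_response(msg):
    """Classify one raw DNS message as 'ok', 'overflow' or 'malformed'."""
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # QTYPE, QCLASS
        for _ in range(an + ns + ar):      # owner names only, not names in RDATA
            off = skip_name(msg, off)
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]
    except NameTooLong:
        return "overflow"
    except (ValueError, IndexError, struct.error):
        return "malformed"
    return "ok"

def build_response(labels):
    """Constructed sample: header, one question, one A record pointing at it."""
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return hdr + name + struct.pack("!2H", 1, 1) + rr
```

Counting the expanded length rather than the bytes present in the record matters because a compressed name can occupy only two bytes on the wire while decoding to far more than 255.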